Daily Cybersecurity Roundup, November 21, 2024

With new strategies and evolving targets, threat actors are expanding their reach into unexpected domains. Researchers uncovered XenoRAT being distributed via Excel XLL files protected by ConfuserEx, marking a departure from its regular delivery methods. Meanwhile, ESET identified two new Linux backdoors, WolfsBane and FireWood, suspected to be linked to the Gelsemium APT group. Cybercriminals are turning Telegram into a bustling marketplace for malware, with Lumma Stealer at the center of the trade. Two channels, with thousands of subscribers, were found spreading the malware. Read on for more.

01

Researchers spotted a unique deployment of XenoRAT using an Excel XLL file protected by ConfuserEx. This new version targets enterprise networks, in contrast to its previous focus on individual users.

02

ESET researchers identified two new Linux backdoors, WolfsBane and FireWood, which are attributed with high and low confidence, respectively, to the Gelsemium APT group.

03

The WorkflowKit Race Vulnerability (CVE-2024-27821) exposes users to potential data breaches or remote code execution by allowing malicious apps to intercept and modify shortcut files during import.

04

An updated version of NodeStealer targets Facebook Ads Manager accounts and browser-stored credit card data by unlocking database files via Windows Restart Manager and SQLite.

05

Criminals are now using a new method, referred to as Ghost Tap, to steal funds from victims by using NFC technology in mobile payment services like Google Pay and Apple Pay.

06

Two Telegram channels, namely VIP HitMaster Program and MegaProgram +, have been found distributing Lumma Stealer. The channels have hundreds of thousands of subscribers collectively.

07

A vulnerability (CVE-2024-52940) in AnyDesk could expose users' IP addresses when "Allow Direct Connections" is enabled. The flaw affects AnyDesk versions 8.1.0 and older on Windows systems.

08

Google's AI-powered fuzzing tool, OSS-Fuzz, identified 26 vulnerabilities in open-source repositories, including a medium-severity flaw (CVE-2024-9143) in OpenSSL.

09

Tech support scammers are using "Sad announcement" emails impersonating familiar individuals to lure victims. These emails contain links to fake security alerts hosted on short-lived domains.

10

Early stage risk intelligence and security startup Riggleman Information & Intelligence Group (RIIG) raised $3 million in a seed funding round led by Felton Group.